The biggest test of Internet homeland security went pretty much unnoticed this week, yet it represents the most serious attack on the Internet itself for five years. On the 6th February, a concerted 12-hour Distributed Denial of Service attack was aimed at the DNS root servers that manage global Internet traffic. DNS is the Domain Name System, which translates between the easy-to-remember names we all use in URLs, such as daniweb.com, and the much less memorable underlying IP addresses in numeric form. Think of it as being a huge distributed database system and you are pretty much in the right ballpark.
This attack once again made use of the botnet, that ever-present menace fuelled by end-user insecurity and malware-infected applications. Three root servers in particular were targeted and briefly succumbed to the flood of data: G, L and M. G refers to the one operated by the Defense Department and is in fact the military’s top-level domain, L refers to the Internet Corporation for Assigned Names and Numbers (ICANN) server, and M to the Widely Integrated Distributed Environment (WIDE) project. Yet it appears the real target might have been UltraDNS, which operates servers that manage traffic within the org domain, and it looks likely that the attack originated in South Korea, given the volume of rogue data traced back there.